A Survey of Stealth Malware: Attacks, Mitigation Measures, and Steps Toward Autonomous Open World Solutions

Abstract

Development of generic and autonomous anti-malware solutions is becoming increasingly vital as the deployment of stealth malware continues to increase at an alarming rate. In this paper, we survey malicious stealth technologies as well as existing autonomous countermeasures. Our findings suggest that while machine learning offers promising potential for generic and autonomous solutions, both at the network level and at the host level, several flawed assumptions inherent to most recognition algorithms prevent a direct mapping between the stealth malware recognition problem and a machine learning solution. The most notable of these flawed assumptions is the closed world assumption: that no sample belonging to a class outside of a static training set will appear at query time. We present a formalized adaptive open world framework for stealth malware recognition, relating it mathematically to research from other machine learning domains.
